System and method for high-performance, low-power data center interconnect fabric

ABSTRACT

A system and method are provided that support a routing using a tree-like or graph topology that supports multiple links per node, where each link is designated as an Up, Down, or Lateral link, or both, within the topology. The system may use a segmented MAC architecture which may have a method of re-purposing MAC IP addresses for inside MACs and outside MACs, and leveraging what would normally be the physical signaling for the MAC to feed into the switch.

CROSS-REFERENCE TO RELATED PATENT APPLICATIONS

This application is a Continuation of U.S. application Ser. No.12/794,996, filed Jun. 7, 2010, which claims priority from ProvisionalApplication U.S. Application 61/256,723, filed Oct. 30, 2009, both ofwhich are incorporated herein by reference in its entirety.

BACKGROUND OF THE INVENTION

The disclosure relates generally to a switching fabric for acomputer-based system.

SUMMARY OF THE INVENTION

With the continued growth of the internet, web-based companies andsystems and the proliferation of computers, there are numerous datacenters that house multiple server computers in a location that istemperature controlled and can be externally managed as is well known.

FIGS. 1A and 1B show a classic data center network aggregation as iscurrently well known. FIG. 1A shows a diagrammatical view of a typicalnetwork data center architecture 100 wherein top level switches 101 a-nare at the tops of racks 102 a-n filled with blade servers 107 a-ninterspersed with local routers 103 a-f. Additional storage routers andcore switches. 105 a-b and additional rack units 108 a-n containadditional servers 104 e-k and routers 106 a-g FIG. 1 b shows anexemplary physical view 110 of a system with peripheral servers 111 a-bnarranged around edge router systems 112 a-h, which are placed aroundcentrally located core switching systems 113. Typically such anaggregation 110 has 1-Gb Ethernet from the rack servers to their top ofrack switches, and often 10 Gb Ethernet ports to the edge and corerouters.

However, what is needed is a system and method for packet switchingfunctionality focused on network aggregation that reduces size and powerrequirements of typical systems while reducing cost all at the same timeand it is to this end that the disclosure is directed.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1A and 1B illustrate a typical data center system;

FIG. 2 is an overview of a network aggregation system;

FIG. 3 illustrates an overview of an exemplary data center in a racksystem;

FIG. 4 illustrates a high-level topology of a network aggregatingsystem;

FIG. 5A illustrates a block diagram of an exemplary switch of thenetwork aggregation system;

FIG. 5B illustrates the MAC address encoding;

FIG. 6 illustrates a first embodiment of a broadcast mechanism of thenetwork aggregation system;

FIG. 7 illustrates an example of unicast routing of the networkaggregation system;

FIG. 8 illustrates an example of fault-resistant unicast routing of thenetwork aggregation system; and

FIG. 9 illustrates a second embodiment of a broadcast mechanism of thenetwork aggregation system.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The disclosure is particularly applicable to a network aggregationsystem and method as illustrated and described below and it is in thiscontext that the disclosure will be described. It will be appreciated,however, that the system and method has greater utility since the systemand method can be implemented using other elements and architecturesthat are within the scope of the disclosure and the disclosure is notlimited to the illustrative embodiments described below.

The system and method also supports a routing using a tree-like or graphtopology that supports multiple links per node, where each link isdesignated as an Up, Down, or Lateral link, or both, within thetopology. In addition, each node in the system maybe be a combinationcomputational/switch node, or just a switch node, and input/output (I/O)can reside on any node as described below in more detail. The system mayalso provide a system with a segmented Ethernet Media Access Control(MAC) architecture which may have a method of re-purposing MAC IPaddresses for inside MACs and outside MACs, and leveraging what wouldnormally be the physical signaling for the MAC to feed into the switch.The system may also provide a method of non-spoofing communication, aswell as a method of fault-resilient broadcasting, which may have amethod of unicast misrouting for fault resilience. In the context ofnetwork security, a spoofing attack is a situation in which one personor program successfully masquerades as another by falsifying data andthereby gaining an illegitimate advantage.

The system may also provide a rigorous security between the managementprocessors, such that management processors can “trust” one another. Inthe example system shown in FIG. 5A (which is described below in moredetail), there is a management processor within each SoC (the M3microcontroller, block 906, FIG. 5A). The software running on themanagement processor is trusted because a) the vendor (in this caseSmooth-Stone) has developed and verified the code, b) non-vendor code isnot allowed to run on the processor.

Maintaining a Trust relationship between the management processors allowthem to communicate commands (e.g. reboot another node) or requestsensitive information from another node without worrying that a usercould spoof the request and gain access to information or control of thesystem.

The system may also provide a network proxy that has an integratedmicrocontroller in an always-on power domain within a system on a chip(SOC) that can take over network proxying for the larger onboardprocessor, and which may apply to a subtree. The system also provide amulti-domaining technique that can dramatically expand the size of aroutable fat tree like structure with only trivial changes to therouting header and the routing table.

FIG. 2 illustrates a network aggregation system 300. The networkaggregation supports one or more high speed links 301 (thick lines),such as a 10-Gb/sec Ethernet communication, that connect an aggregationrouter 302 and one or more racks 303, such as three racks 303 a-c asshown in FIG. 3. In a first rack 303 a, the network aggregation systemprovides multiple high-speed 10 Gb paths, represented by thick lines,between one or more Smooth-Stone computing unit 306 a-d, such as servercomputers, on shelves within a rack. Further details of eachSmooth-Stone computing unit are described in more detail in U.S.Provisional Patent Application Ser. No. 61/256,723 filed on Oct. 30,2009 and entitled “System and Method for Enhanced Communications in aMulti-Processor System of a Chip (SOC)” which is incorporated herein inits entirety by reference. An embedded switch 306 a-d in theSmooth-Stone computing units can replace a top-of-rack switch, thussaving a dramatic amount of power and cost, while still providing a 10Gb Ethernet port to the aggregation router 302. The network aggregationsystem switching fabric can integrate traditional Ethernet (1 Gb or 10Gb) into the XAUI fabric, and the Smooth-Stone computing units can actas a top of rack switch for third-party Ethernet connected servers.

A middle rack 303 b illustrates another configuration of a rack in thenetwork aggregation system in which one or more Smooth-Stone computingunits 306 e, f can integrate into existing data center racks thatalready contain a top-of-rack switch 308 a. In this case, the IT groupcan continue to have their other computing units connected via 1 GbEthernet up to the existing top-of-rack switch and the internalSmooth-Stone computing units can be connected via 10 Gb XAUI fabric andthey can integrate up to the existing top-of-rack switch with either a 1Gb or 10 Gb Ethernet interconnects as shown in FIG. 2. A third rack 303c illustrates a current way that data center racks are traditionallydeployed. The thin red lines in the third rack 303 c represent 1 GbEthernet. Thus, the current deployments of data center racks istraditionally 1 Gb Ethernet up to the top-of-rack switch 308 b, and then10 Gb (thick red line 301) out from the top of rack switch to theaggregation router. Note that all servers are present in an unknownquantity, while they are pictured here in finite quantities for purposesof clarity and simplicity. Also, using the enhanced SS servers, noadditional routers are needed, as they operate their own XAUI switchingfabric, discussed below.

FIG. 3 shows an overview of an exemplary “data center in a rack” 400according to one embodiment of the system. The “data center in a rack”400 may have 10-Gb Ethernet PHY 401 a-n and 1-Gb private Ethernet PHY402. Large computers (power servers) 403 a-n support search; datamining; indexing; Apache Hadoop, a Java software framework; MapReduce, asoftware framework introduced by Google to support distributed computingon large data sets on clusters of computers; cloud applications; etc.Computers (servers) 404 a-n with local flash and/or solid-state disk(SSD) support search, MySQL, CDN, software-as-a-service (SaaS), cloudapplications, etc. A single, large, slow-speed fan 405 augments theconvection cooling of the vertically mounted servers above it. Datacenter 400 has an array 406 of hard disks, e.g., in a Just a Bunch ofDisks (JBOD) configuration, and, optionally, Smooth-Stone computingunits in a disk form factor (for example, the green boxes in arrays 406and 407), optionally acting as disk controllers. Hard disk servers or SSdisk servers may be used for web servers, user applications, and cloudapplications, etc. Also shown are an array 407 of storage servers andhistoric servers 408 a, b (any size, any vendor) with standard Ethernetinterfaces for legacy applications.

The data center in a rack 400 uses a proprietary system interconnectapproach that dramatically reduces power and wires and enablesheterogeneous systems, integrating existing Ethernet-based servers andenabling legacy applications. In one aspect, a complete server orstorage server is put in a disk or SSD form factor, with 8-16 SATAinterfaces with 4 ServerNodes™ and 8 PCIe x4 interfaces with 4ServerNodes™. It supports disk and/or SSD+ServerNode™, using aproprietary board paired with a disk(s) and supporting Web server, userapplications, cloud applications, disk caching, etc.

The Smooth-Stone XAUI system interconnect reduces power, wires and thesize of the rack. There is no need for high powered, expensive Ethernetswitches and high-power Ethernet Phys on the individual servers. Itdramatically reduces cables (cable complexity, costs, significant sourceof failures). It also enables a heterogeneous server mixture inside therack, supporting any equipment that uses Ethernet or SATA or PCIe. Itcan be integrated into the system interconnect.

The herein presented aspects of a server-on-a-chip (SOC) with packetswitch functionality are focused on network aggregation. The SOC is nota fully functionally equivalent to an industry-standard network switch,such as, for example, a Cisco switch or router. But for certainapplications discussed throughout this document, it offers a betterprice/performance ratio as well as a power/performance ratio. Itcontains a layer 2 packet switch, with routing based onsource/destination MAC addresses. It further supports virtual local areanetwork (VLAN), with configurable VLAN filtering on domain incomingpackets to minimize unnecessary traffic in a domain. The embedded MACswithin the SOC do have complete VLAN support providing VLAN capabilityto the overall SOC without the embedded switch explicitly having VLANsupport. It can also wake up the system by management processornotifying the management processor on link state transitions toreprogram routing configurations to route around faults. Suchfunctionality does not require layer3 (or above) processing (i.e., it isnot a router). It also does not offer complete VLAN support, support forQoS/CoS, address learning, filtering, spanning tree protocol (STP), etc.

FIG. 4 shows a high-level topology 800 of the network system thatillustrates XAUI connected SoC nodes connected by the switching fabric.The 10 Gb Ethernet ports Eth0 801 a and Eth1 801 b come from the top ofthe tree. Ovals 802 a-n are Smooth-Stone nodes that comprise bothcomputational processors as well as the embedded switch. The nodes havefive XAUI links connected to the internal switch. The switching layersuse all five XAUI links for switching. Level 0 leaf nodes 802 d, e(i.e., N0n nodes, or Nxy, where x=level and y=item number) only use oneXAUI link to attach to the interconnect, leaving four high-speed portsthat can be used as XAUI, 10 Gb Ethernet, PCIe, SATA, etc., forattachment to I/O. The vast majority of trees and fat trees have activenodes only as leaf nodes, and the other nodes are pure switching nodes.This approach makes routing much more straightforward. Topology 800 hasthe flexibility to permit every node to be a combination computationaland switch node, or just a switch node. Most tree-type implementationshave I/O on the leaf nodes, but topology 800 let the I/O be on any node.In general, placing the Ethernet at the top of the tree minimizes theaverage number of hops to the Ethernet.

In more detail, the ovals shown in the tree-oriented topology in FIG. 6represent independent nodes within a computing cluster. FIG. 5Aillustrates one example implementation of an individual node of thecluster. When looking at a conventional implementation of a topologye.g. in FIG. 6, usually computing nodes are found in the lower levelleaf nodes (e.g. N00-N08), and the upper level nodes don't havecomputing elements but are just network switching elements (N10-N21).With the node architecture shown in FIG. 6A, the A9 Cores (905) may beoptionally enabled, or could be just left powered-off So the upper levelswitching nodes (N10-N21) in FIG. 6 can be used as pure switchingelements (like traditional implementations), or we can power on the A9Cores module and use them as complete nodes within the computingcluster.

The switch architecture calls for a routing frame to be prepended to theEthernet frame. The switch operates only against fields within therouting frame, and does not inspect the Ethernet frame directly. FIG. 5a shows a block diagram of an exemplary switch 900 according to oneaspect of the system and method disclosed herein. It has four areas ofinterest 910 a-d. Area 910 a corresponds to Ethernet packets between theCPUs and the inside MACs. Area 910 b corresponds to Ethernet frames atthe Ethernet physical interface at the inside MACs, that contains thepreamble, start of frame, and inter-frame gap fields. Area 910 ccorresponds to Ethernet frames at the Ethernet physical interface at theoutside MAC, that contains the preamble, start of frame, and inter-framegap fields. Area 910 d corresponds to Ethernet packets between theprocessor of routing header 901 and outside MAC 904. This segmented MACarchitecture is asymmetric. The inside MACs have the Ethernet physicalsignaling interface into the routing header processor, and the outsideMAC has an Ethernet packet interface into the routing header processor.Thus the MAC IP is re-purposed for inside MACs and outside MACs, andwhat would normally be the physical signaling for the MAC to feed intothe switch is leveraged. MAC configuration is such that the operatingsystem device drivers of A9 cores 905 manage and control inside Eth0 MAC902 and inside ETH1 MAC 903. The device driver of management processor906 manages and controls Inside Eth2 MAC 907. Outside Eth MAC 904 is notcontrolled by a device driver. MAC 904 is configured in Promiscuous modeto pass all frames without any filtering for network monitoring.Initialization of this MAC is coordinated between the hardwareinstantiation of the MAC and any other necessary management processorinitialization. Outside Eth MAC 904 registers are visible to both A9 905and management processor 906 address maps. Interrupts for Outside EthMAC 904 are routable to either the A9 or management processor. The XGMACsupports several interruptible events that the CPUs may want to monitor,including any change in XGMII link fault status, hot-plugging or removalof PHY, alive status or link status change, and any RMON counterreaching a value equal to the threshold register.

In some cases, there may be Preamble, Start of Frame, and Inter-Framegap fields across XAUI, depending on the specific micro-architecture.The routing frame header processor may standardize these fields. TheXAUI interface may need some or all of these fields. In this case, therouting header processor at area 910 d needs to add these going into theswitch, and to remove them leaving the switch. To reduce the number ofbytes that need to be sent over XAUI, these three fields may be removed(if the XAUI interface allows it). In this case, the routing headerprocessor at area 910 b will need to strip these going into the switch,and add them back leaving the switch.

The routing frame header processor receives an Ethernet frame from aMAC, sending a routing frame to the switch. It also standardizes thepreamble, start of frame, and inter-frame gap fields, prepends a routingheader, and receives a routing frame from the switch, sending theEthernet frame into a MAC. This processor then strips the routing headerand standardizes the preamble, start of frame, and inter-frame gapfields. Note that all frames that are flowing within the fabric arerouting frames, not Ethernet frames. The Ethernet frame/routing frameconversion is done only as the packet is entering or leaving the fabricvia a MAC. Note also that the routing logic within the switch may changefields within the routing frame. The Ethernet frame is never modified(except the adding/removing of the preamble, start of frame, andinter-frame gap fields).

The routing frame is composed of the routing frame header plus the corepart of the Ethernet frame, and is structured as shown in Table 1,below:

TABLE 1 Routing Frame Header Ethernet Frame Packet RF MAC MAC Ethertype/(data and CRC32 Header destination Source Length padding)

Note that the implementation assumptions for bit sizing are 4096nodes.fwdarw.12 bit node IDs. These fields may be resized duringimplementation as needed.

The routing frame header consists of the fields shown in Table 2, below:

TABLE 2 Width Field (Bits) Notes Domain 5 Domain ID associated with thispacket. 0 indicates ID that no domain has been specified. Mgmt 1Specifies that the packet is allowed on the private Domain managementdomain. Source 12 Source node ID Node Source 2 0 = MAC0, 1 = MAC1, 2 =MAC_management Port processor, 3 = MAC_OUT Dest Node 12 Destination nodeID Dest Port 2 0 = MAC0, 1 = MAC1, 2 = MAC_management processor, 3 =MAC_OUT RF Type 2 Routing Frame Type (0 = Unicast, 1 = Multicast, 2 =Neighbor Multicast, 3 = Link Directed) TTL 6 Time to Live - # of hopsthat this frame has existed. Switch will drop packet if the TTLthreshold is exceeded (and notify management processor of exception).Broadcast 5 Broadcast ID for this source node for this broadcast IDpacket. Checksum Checksum of the frame header fields. Total 46 +checksum

If a switch receives a packet that fails the checksum, the packet isdropped, a statistic counter is incremented, and the managementprocessor is notified.

The routing frame processor differentiates between several destinationMAC address encodings. As a reminder, MAC addresses are formatted asshown in FIG. 5 b. The following table describes the usage of the 3 byteOUI and 3 byte NIC specific field within the MAC address. One of thenovel aspects of the system and method disclosed herein is the use ofadditional address bits to encode an internal to external MAC mapping,as shown also in the Table 3, below, in the second entry under “FabricInternal Node local address Hits MAC Lookup CAM”.

TABLE 3 MAC Address Type 3 bytes OUI 3 bytes NIC Specific OperationExternal Multicast bit Arbitrary Packet unicast Misses MAC not setrouted to Lookup CAM gateway node #. Fabric Internal Arbitrary Nodelocal address (meaning Packet unicast Node local low 2 bits - port unitrouted to address ID) are not present. MAC fabric node # Hits MAC LookupCAM for entry obtained from Lookup CAM marked as Node Local. MAC LookupCAM Fabric Internal Arbitrary Arbitrary Packet unicast Arbitrary MACrouted to address fabric node # Hits MAC obtained from Lookup CAM MACLookup CAM Node Encoded Unicast 10 bits: Packet Unicast LocallySS_MAC_NODE_ENCODED_MAGIC unicast administered 12 bits: Node ID routedto OUI == Switch 2 bits: Port ID Node ID. OUI Link Encoded Unicast 12bits: Packet sent Unicast Locally SS_MAC_LINK_ENCODED_MAGIC downspecific administered 7 bits: Reserved Link #. OUI == Switch 3 bits:Link # (0-4) OUI 2 bits: Port Multicast/ Multicast bit Arbitrary PacketBroadcast set broadcast routed through fabric and gateways. NeighborMulticast bit 12 bits: Packet sent Multicast set SS_NEIGHBOR_MCAST_MAGICthrough all Locally 12 bits: Reserved XAUI links to administeredneighboring OUI = Switch nodes and not OUI rebroadcast to other nodes

Further, other novel aspects can be found in Table 3 under “Node EncodedUnicast” as well as “Link Encoded Unicast,” allowing one internal nodeor link to address all external MAC sections, and the “NeighborMulticast” entry, allowing a multicast to neighboring nodes.

Note that the values SS_MAC_NODE_ENCODED_MAGIC andSS_MAC_LINK_ENCODED_MAGIC are constant identifiers used for uniquelyidentifying these MAC address types. The term “magic number” is astandard industry term for a constant numerical or text value used toidentify a file format or protocol. These magic numbers are configuredin two registers (magicNodeEncodedMAC and magicLinkEncodedMAC thatdefault to standard values during hardware initialization, but allow themanagement processor software to change them if necessary.

The header processor contains a MAC Lookup CAM (Content AddressableMemory), macAddrLookup, that maps from 6 byte MAC addresses to 12-bitNode IDs, as shown in Table 4, below.

TABLE 4 MAC Lookup MAC Lookup CAM Input CAM Output Node Local MACAddress Node ID Port ID 1 bit 6 bytes 12 bits 2 bits

The number of rows in this CAM is implementation dependent, but would beexpected to be on the order of 256-1024 rows. The management processorinitializes the CAM with Node ID mappings for all the nodes within theSS fabric. There are two types of rows, depending upon the setting ofthe Node Local bit for the row. The Node Local field allows a 4:1compression of MAC addresses in the CAM for default MAC addresses,mapping all four MACs into a single row in the CAM table, which is Table5, below.

TABLE 5 MAC Address Node Type Local MAC Address Port ID Node 1 A NodeEncoded Address refers to Taken from Local a Smooth Stone assigned MAClow 2 bits of address for a node. It encodes the MAC port # (MAC0, MAC1,management Address processor, Rsvd) into a 2- bit Port Input ID in thelowest two bits of the NIC address field. Ignores low 2 bits duringmatch. Arbitrary 0 Matches against all 6 bytes Taken from CAM Outputfield

The arbitrary rows in the CAM allow mapping of the MAC address aliasesto the nodes. Linux (and the MACs) allow the MAC addresses to bereassigned on a network interface (e.g., with ifconfig eth0 hw ether00:80:48:BA:d1:30). This is sometime used by virtualization/cloudcomputing to avoid needing to re-ARP after starting a session.

The switch architecture provides for a secondary MAC Lookup CAM thatonly stores the 3 bytes of the NIC Specific part of the MAC address forthose addresses that match the Switch OUI. The availability of thislocal OUI CAM is determined by the implementation. See Table 6, below.

TABLE 6 MAC Lookup CAM Input MAC Lookup CAM Output MAC Address NICSpecific Node ID Port ID 3 bytes 12 bits 2 bits

The maximum number of nodes limitation for three types of MAC addressencodings may be evaluated as follows:

1. Default MAC Addressees—management processor sets Node Local mappingsfor each of the nodes in the fabric. There is one entry in the CAM foreach node. Max # of nodes is controlled by maximum # of rows in the MACAddress Lookup CAM.

2. Node Encoded Addresses—All the MACs are reprogrammed to use NodeEncoded Addresses. In this way the Node IDs are directly encoded intothe MAC addresses. No entries in the MAC Lookup CAM are used. Max # ofnodes is controlled by maximum # of rows in the Unicast lookup table(easier to make big compared to the Lookup CAM). Note that this alsogives us some risk mitigation in case the MAC Lookup CAM logic isbusted. Provides use case for the node encoded addresses idea.

3. Arbitrary MAC Address Aliases—Takes a row in the CAM. As an example,a 512-row CAM could hold 256 nodes (Node local addresses)+1 MAC addressalias per node.

Since the Lookup CAM is only accessed during Routing Header creation,the management processor actually only needs to populate a row if theMAC address within the fabric is being used as a source or destinationMAC address within a packet. In other words, if two nodes never willtalk to each other, a mapping row does not need to be created. Butusually the management processor won't have that knowledge, so it'sexpected that mappings for all nodes are created in all nodes. Also notethat even if an entry is not created in the Lookup CAM, the routing willactually still succeed by routing the packet out the Ethernet gateway,through an external router, back into the Fabric, to the destinationnode.

Table 7 defines how to set fields within the Routing Header for all thefields except for destination node and port.

TABLE 7 Field Set To Domain ID Set to the macDomainID field for the MACthat the packet came from. Mgmt Set to the macMgmtDomain field for theMAC that Domain the packet came from. Source Node Switch Node ID SourcePort Source MAC Port ID RF Type Multicast (if dstMAC multicast and notNeighbor Multicast format) Neighbor Multicast (if dstMAC multicast andis Neighbor Multicast format) Link Directed (is Link Encoded format)Unicast (if not one of the above) TTL 0 Broadcast If dstMAC is unicast -Set to 0 ID If dstMAC is multicast - Set to incremented local broadcastID (bcastIDNext++ & 0xf)

Table 8 defines how to set destination node and port for addresseswithin the fabric:

TABLE 8 Field: Field: Destination Destination Case Node Port NodeEncoded Dest Address Dest Node Dest Port Link Encoded Dest AddressEncoded Link Dest Port Hits Lookup CAM (node local) CAM Dest Node DestMAC (low 2 bits) Hits Lookup CAM (not node local) CAM Dest Node CAM DestPort

Table 9 defines how to set destination node and port for addressesoutside the fabric:

TABLE 9 Field: Field: Destination Destination Case Node Port Came in anOUT Ethernet, but no Drop packet, update secondary gateway definedstatistics counter Came in an OUT Ethernet, and secondaryEthGateway- OUTsecondary gateway defined Node[OUT] From an Inside MAC, but no Droppacket, update primary gateway defined statistics counter, and notifymanagement processor From an Inside MAC, and primaryEthGateway- OUTprimary gateway defined Node[fromPort]

Additionally, the management processor software architecture of thesystem and method disclosed here currently depends on the ability ofmanagement processor nodes to “trust” each other. This more rigoroussecurity on management processor to management processor communicationis desirable, as well a better security on private management LANsacross the fabric. This fabric issue may be mitigated by simplydefining, for environments that require multiple “hard” securitydomains, that customers simply don't mix security domains within afabric. In such cases, it may be possible to connect 14-node boards tothe top of rack switch, allowing customers to have VLAN granularitycontrol of each 14-node board.

The multi-domain fabric architecture that has been described addressesthe lack of VLAN support by creating secure “tunnels” and domains acrossthe fabric, and it can interoperate with VLAN protected router ports ona 1:1 basis.

The approach to domain management in the system and method disclosedhere is as follows: Support multiple domain IDs within the fabric. Alloweach of the MACs within a node (management processor, MAC0, MAC1,Gateway) to be assigned to a domain ID individually (and tagged withdomain 0 if not set). Allow each of the MACs within a node to have a bitindicating access to the management domain. The domain IDs associatedwith a MAC could only be assigned by the management processor, and couldnot be altered by the A9. For frames generated by MACs (both inside andoutside), the routing frame processor would tag the routing frame withthe domain ID and management domain state associated with that MAC.Domains would provide the effect of tunnels or VLANs, in that they keeppackets (both unicast and multicast) within that domain, allowing MACsoutside that domain to be able to neither sniff or spoof those packets.Additionally, this approach would employ a five-bit domain ID. It wouldadd options to control domain processing, such as, for example, a switchwith a boolean per MAC that defines whether packets are delivered withnon-defined (i.e., zero) domain ID, or a switch that has a boolean perMAC that defines whether packets are delivered with defined (non-zero)but non-matching domain IDs. A further option in the switch could turnoff node encoded MAC addresses per MAC (eliminating another style ofpotential attack vector).

To keep management processor to management processor communicationsecure, the management domain bit on all management processor MACs couldbe marked. Generally, the management processor should route on domain 1(by convention). Such a technique allows all the management processor'sto tunnel packets on the management domain so that they cannot beinspected or spoofed by any other devices (inside or outside thefabric), on other VLANs or domains. Further, to provide a securemanagement LAN, a gateway MAC that has the management domain bit setcould be assigned, keeping management packets private to the managementprocessor domain. Additionally, the switch fabric could support“multi-tenant” within itself, by associating each gateway MAC with aseparate domain. For example, each gateway MAC could connect to anindividual port on an outside router, allowing that port to beoptionally associated with a VLAN. As the packets come into the gateway,they are tagged with the domain ID, keeping that traffic private to theMACs associated with that domain across the fabric.

The switch supports a number of registers (aka CSRs, aka MMRs) to allowsoftware or firmware to control the switch. The actual layout of theseregisters will be defined by the implementation. The fields listed inTable 10 are software read/write. All these registers need to have amechanism to secure them from writing from the A9 (could be secure modeor on a management processor private bus).

TABLE 10 Field Size Notes Adaptive 1 bit Adaptive unicast routingenabled. broadcastLateral 1 bit Enable to have broadcasts go throughlateral links, rather than just Up and Down links. Turning this off willwork for most topologies and will reduce # duplicate broadcast packets.intPortBroadcastVec 4 bits Vector of ports to send internally generatedbroadcast packet into. extPortBroadcastVec 4 bits Vector of ports tosend externally generated broadcast packet into. linkDir[LINKS] Array[LINKS] × Specifies link direction for each link 2 bits (0 = DOWN, 1 =LATERAL, 2 = UP, 3 = Rsvd) linkState 5 bits Link state vector for eachof the 5 links. Bit set indicates that link is active (trained andlinked). linkType[LINKS] Array [LINKS] × Specifies type of each link 2bits (0 = No Link, 1 = XAUI, 2 = Ethernet} localBroadcastM3Snoop 1 bitWhen set, then we'll always send a copy of the locally initiatedbroadcast into the management processor. The use case here is where themanagement processor wants to see the gratuitous ARPs that are locallyinitiated so that it can communicate across the management processorfabric and add corresponding entries into the local unicast routingtables. macAddrLookup Lookup CAM which is MAC address lookup CAM toconvert MAC described elsewhere in addresses to Node IDs. the documentmacAcceptOtherDomain[MAC] 1 bit[MAC] Defines that the MAC acceptspackets that are tagged with a non-zero, non-matching domain ID.macAcceptZeroDomain[MAC] 1 bit[MAC] Defines that the MAC accepts packetsthat are not tagged with a domain (i.e. 0 domain) macDomainID[MAC] 5bits[MAC] Defines the Domain ID for each of the 4 MACs. A value of 0indicates that the domain ID for that MAC is not set. macMgmtDomain[MAC]1 bit[MAC] Defines that the MAC may access the management domain.Setting this tags the management domain in the routing frame, as well asallows the switch to route management frame packets into this MAC.magicNodeEncodedMAC 10 bits Magic number for Node Encoded MAC addressesmagicLinkEncodedMAC 12 bits Magic number for Link Encoded MAC addressesmaxTTL 6 bits Maximum TTL count allowed in a routing header. Exceedingthis number of hops causes the switch to drop the packet, update astatistic counter, and inform the management processor. myNodeID 12 bitsNeed not be contiguous. Subtree's should ideally be numbered within arange to facilitate subtree network proxying. myOUI 3 bytes 3 upperbytes of MAC addresses in fabric. Should be the same for all nodes inthe fabric. nodeRangeEnable 1 bit Enables the expanded Node ID matchingof [nodeRangeLo, nodeRangeHi]. Used for Network Proxying through asubtree. When enabled, a packet will be routed into the node (ratherthan through the node) if either DstNode == myNodeID OR (nodeRangeLo <=DstNode <= nodeRangeHi). nodeRangeHi 12 bits Enabled withnodeRangeEnable. Specifies high node ID of node range match. nodeRangeLo12 bits Enabled with nodeRangeEnable. Specifies low node ID of noderange match. noFlowControl 1 bit When enabled, there will be no flowcontrol. portRemap[INT_PORTS]; Array [INT_PORTS] × Allows remapping ofincoming destination 2 bits port IDs to the internal port where it'll bedelivered. This register defaults to an equivalence remapping. Anexample of where this will get remapped is during Network Proxy wherethe management processor will remap MAC0 packets to be sent to themanagement processor. INT_PORTS = 4. Array elements are the Portsenumeration (management processor, MAC0, MAC1, OUT). 2 bits contents isthe Ports enumeration. primaryEthGatewayNode[INT_PORTS] Array[INT_PORTS] Specifies Node ID of primary Ethernet of 12-bit gateway forthis node. Packets destined to node IDs that aren't within the fabricwill get routed here. promiscuousPortVec 4 bits Can be configured forPromiscuous Mode allowing traffic on one or more links to be snooped bythe management processor or A9s in order to collect trace data or toimplement an Intruder Detection System (IDS). This causes all trafficpassing through the switch to be copied to the internal ports defined bythis port vector. routeForeignMACsOut 1 bit When enabled, a MAC addressthat does not contain a myOUI address, will not check the MAC lookupCAM, and will get treated as a MAC lookup CAM miss, thus getting routedto the gateway port. This saves latency in the common case of notpopulating the CAM with foreign MAC aliases.secondaryEthGatewayNode[INT_PORTS] Array [INT_PORTS] Specifies Node IDof secondary Ethernet of 12-bit gateway. Incoming (from OUT) packetsrouting through the fabric will be sent here. unicastPortsFromOtherExt 1bit An incoming unicast from an external Gateways gateway will get thegateway node put into the source node field of the routing header. Uponreaching the destination node, this bit will be checked. When the bit isclear, the external ateway node must match the destination gateway nodefor it to be delivered to internal ports. This is to handle the casewhere the fabric is connected to an external learning switch that hasn'tyet learned the mac/port relationship, and floods the unicast packetdown multiple ports. This will prevent a fabric node from getting theunicast packet multiple times. unicastRoute[NODES] Array [NODES] of Linkvector of unicast next route. 10 bits is 2- 10 bits bit weight for eachof 5 links.

The registers shown in Table 11 are contained within the Switchimplementation, but need not be software accessible.

TABLE 11 Field Size Notes bcastIDNext 5 bits Next broadcast sequence IDto issue next. Hardware will increment this for each broadcast packetinitiated by this node. bcastIDSeen[BCAST_ID_LEN] Array[BCAST_ID_LEN]FIFO list of broadcast tags seen by of 5 bits. this node.bcastIDSeenNext # bits to index into Next array position intoBCAST_ID_LEN bcastIDSeen[ ] to insert a broadcast tag.

Note that software should be able to update the routing tables(unicastRoute) and the macAddrLookup CAM atomically with respect toactive packet routing. One implementation will be to hold off routingaccess to these tables during an update operation.

Broadcast/Multicast Routing

FIG. 6 shows an exemplary broadcast mechanism 1000 according to oneaspect of the system and method disclosed herein. The link between nodesN10 1001 and N21 1002 is down, as indicated by the dashed line 1003.During routing header generation of multicast packets, the source nodeputs an incremented broadcast ID for that source node in the routingframe (rframe.bcastID). When a node receives a multicast routing frame(i.e.rframe.rfType==Multicast.parallel.rframe.rfType==NeighborMulticast)-, itchecks to see whether it has already seen this broadcast packet. Thecheck is done by accessing the bcastIDSeen CAM with a tag formed withthe broadcast source node and the broadcast ID. If it has already beenseen (i.e. CAM hit), no action is be performed. If the broadcast framehas not been seen before, it broadcasts it to appropriate internal portsand external gateways (intPortBroadcastVec register) and rebroadcasts itthrough all outward XAUI links except for the link it came in on. Notethat it only broadcasts through laterals if the broadcastLateralregister is set. It is unnecessary to broadcast laterals on mosttopologies, and doing so may reduce the number of duplicated broadcastpackets by disabling it. It then adds this broadcast tag to thebcastIDSeen CAM in FIFO order. In FIG. 7, N04 1004 initiates a broadcastto all neighbors, i.e., N11 1105. N11 has not seen the packet, so itbroadcasts to all non-incoming neighbors, which, in this example, areN21 1002, N20 1006, N03 1007, and N05 1008, and accepts the packetinternally. Nodes N03 and N05 haven't seen the packet, so they acceptthe broadcast internally and are done. N21 hasn't seen the packet, so itbroadcasts the packet to all active, non-incoming links (e.g., N10, N121009), and accepts the packet internally. N20 broadcasts the packet toall active, non-incoming links (i.e., N12), and accepts the packetinternally. N10 broadcasts down to N00 1010, N01 1011, and N02 1012. N12rebroadcasts to N06 1013, N07 1014, N08 1015 and to one of N21 and N20(the one it didn't get the broadcast packet from). Note that one of N20and N21, and N12, see the packet twice. They take action only on theirfirst instance, the secondary times it hits the broadcast CAM as aduplicate, and the packet is ignored.

Unicast Routing

Unicast to Other Node

Unicast routing (as shown in FIG. 7) is responsible for routingnon-multicast (i.e. unicast) packets to the next node. This is done byutilizing a software computed unicastRoute[ ] next node routing tablethat provides a vector of available links to get to the destinationnode.

Condition

rframe.rfType=Unicast

Routing

There are substantial complexities related to routing around faults.Fault free routing and routing around faults will be discussedseparately.

Traditionally in tree routing, the packet will be routed upward until acommon parent of (source, destination) is reached. This upward routingcan be deterministic, oblivious, or adaptive. The packet is then routeddownward to the destination using deterministic routing.

As an example, FIG. 7 illustrates a packet routing from node N00 1010 toN08 1015. The packet is routed in the upward phase to the commonancestor (N21) through node N10 1001, and then a descent phase to thedestination.

Note that during the upward phase at node N10, there are two candidatelinks (N10,N21) and (N10,N20). The first candidate link could be chosendeterministically, or an adaptive algorithm could dynamically selecteither of the links. But, once the node reaches the common ancestor andturns downward, there are no redundant paths (in general) for the nodeto reach the destination.

Unicast Routing in the Presence of No Faults

Each link is annotated within this unicastRoute table with a 2-bitlinkWeight where software can express the relative cost/distance to thedestination node via this link. By convention, link weights shouldrepresent:

0=No route

3=Direct next-hop connection

1 and 2=Software computed relative costs. As an example if there areroutes across 3 links with costs of 2 hops, 3 hops, and 6 hops, thefirst two links could be assigned weight=2 and the 6 hops path could beassigned weight=1.

Algorithm for Fault-Free Unicast Routing:

Get link weight vector from the unicast routing tablelinkWeightVector=unicastRoute[rframe.dstNode] Remove link that it camein on to remove possibility of sending it back Remove any links that arenot up At this point, have a candidate list of links with associatedlink weights.

Iterate through link weights, starting with highest priority (3) downthrough 1. Gather candidate list of links at this priority, stoppingonce the candidate list has at least one link. The result is a candidatelist of links at the highest priority. As an example, if there are 2links at weight=2, and 2 links at weight=1, the prioritized candidatelist will contain the two links at weight=2.

The adaptive register is checked to determine whether to do adaptive ordeterministic routing.

adaptive==0 indicates that deterministic routing is to be used, so thefirst link is chosen from the prioritized candidate list.

adaptive==1 indicates that adaptive routing is to be used. The switchimplementation will choose an algorithm for adaptively choosing thetarget link from the prioritized candidate list. This adaptive algorithmcould be as simple as round-robin around the list. Alternatively, maychoose to factor in other attributes e.g. FIFO free depth, link speed, .. . .

An implementation option could be to add a register option to allow therouter to adaptively choose from all non-zero weights, or to onlyadaptively choose from the highest priority candidate lists.

The packet is sent out the selected link.

Fault-Resilient Unicast Routing

A couple of issues contribute to the complexity of fault-resilientunicast routing:

The desire to do fault routing with only localized knowledge. A nodeimplicitly knows that a link is down to a neighbor node. We choose adesign to avoid having to communicate that a link (or node) goes downelsewhere in the fabric due to the complexities of maintaining a global,unified state in the presence of failures.

The nature of routing in a tree. During the ascent phase of packetrouting, links can be adaptively chosen from redundant links so it canbe straightforward to avoid a link with the normal adaptive linkselection.

But, once the packet starts descending, traditionally there is notredundant paths for the descent path (that follow the routing rules), sofault routing can become challenging.

FIG. 8 illustrates a link failure (N10,N21) and unicast routing selectedthe (N10, N20) link using the normal adaptive routing algorithmpreviously described. But note, if the packet is routed up to N20 andlink (N20,N12) is down, it has no easy path to get to the destination.

We have two approaches to handling routing around fails:

Software can compose alternative but non-desirable routes with weight=1.We'll call these escape routes. These are low priority routes that mayviolate the strict routing rules used during routing around faults. Asan example, if the link (N20, N12) was down, the unicastRoute[N08] entryfor N20 could contain link to N12 with weight=2 and a link to N11 withweight=1. In this way, the normal adaptive routing algorithms willautomatically do the N20->N11->N21->N12->N08 path.

The fabric architecture includes a technique that we refer to as“misrouting”. Misrouting provides for iterative backtracking

Both of these techniques will provide substantial unicastfault-resilience.

Unicast Misrouting

As an example, consider the following topology, with 3 links 1101, 1102and 1103 that have failed (shown in Red in FIG. 9). Consider a unicastroute from N0 to N3. We'll consider the following routing to understandthe misrouting technique, understanding that this is only one of severalroutes that could have been chosen adaptively.

Packet routed N0 to N6.

Packet routed N6 to N10

N10 sees that it has no paths to get to N3, other than the link it camein on. N10 sets the misrouting bit in the routing header, and sends itback to N6.

N6 sees that the packet is being misrouted, sets the bit for the N10link in the misrouteVector in the routing header, chooses an alternativelink that has not been misrouted, and sends the packet to N11.

N11 sees that it has no path to N3, other than the link it came in on.misrouting bit is already on, and sends it back to N6.

N6 sees that the packet is being misrouted, adds N11 link to themisrouteVector (now contains N10 and N11 link IDs), chooses analternative link that has not been misrouted, and sends it N7.

N7 sees that the misrouting bit is set, but does have a valid link to N3(to N12), and thus clears the misrouting bit in the header, and forwardsthe packet to N12.

N12 sends to N9.

N9 unicastRoute now likely contains link to N3 (weight=3) and link to N8(weight=2). Normal adaptive routing will not choose the direct link toN3 since it's down, and will route the packet to N8, then finally to N3.

If N6 had exhausted its list of candidate links (meaning themisrouteVector masked them all), the implementation then has twochoices:

drop the packet and inform the M3 of the failure to route.

clear the misrouteVector leaving misrouting set, and forward the packetthrough one of the downward facing links (if one exists). This willretry misrouting at one layer lower. The implementation may want to havea register bit (enableRecursiveMisrouting) to enable this retry at lowerlayer option.

There is a register enableMisrouting that allows software to controlwhether the switch will initiate the misrouting algorithm.

Multi-Domaining

Also known to the inventors is Multi-Domaining, whose goal is toincrease the addressability of nodes to a large number of nodes (e.g.,64K nodes), without having to increase the size of the unicast routingtable to 64K nodes.

As currently described, the unicast routing table is a single-dimensionarray indexed by node number (i.e. 0 to MAX_NODES−1), where a typicalimplementation will be between 256 and 4K nodes.

This section will now describe how the current architecture is alteredto support multiple domains, with 64K max nodes.

The node namespace is changed from a node ID from 0 to MAX_NODES−1, to a2-tuple of (domain ID, node ID), where both domain ID and node ID rangefrom 0 to 255. So, there can effectively be 256 domains where eachdomain can contain up to 256 nodes.

The unicast routing table is changed from a single dimension table ofsize MAX_NODES, to a two-dimension table of size 256. The unicastrouting table is now changed from a structure of unicastRoute[NODES] tounicastRoute[2][256].

Local domain routing: When routing to a node within this domain, theunicast routing table is accessed as unicastRoute[0] [node ID], andprovides a weighted link vector to route to the specified node ID fromthe current node.

Remote domain routing: When routing to a node within a remote domain,the unicast routing table is accessed as unicastRoute[1][domain ID], andprovides a weighted link vector to route to the specified domain ID fromthe current node.

Routing frame: One bit is added to the routing frame, dstRemote, whichis set true when routing to a remote domain.

Locally administered MAC addresses: The section below describes the NodeEncoded Unicast MAC address encoding as follows:

Node Unicast 10 bits: Encoded Locally SS_MAC_NODE_ENCODED_MAGIC Unicastadministered 12 bits: Node ID OUI == Switch 2 bits: Port ID OUI

This gets altered for multi-domaining as follows:

Node Unicast 6 bits: Encoded Locally SS_MAC_NODE_ENCODED_MAGIC Unicastadministered 8 bits: Domain ID OUI == Switch 8 bits: Node ID OUI 2 bits:Port ID

Creating the routing frame header: Table 2 describes the algorithms forcreating the routing frame header. This is augmented in themulti-domaining case by:

if ( dstDomain == myDomainID ) { // Route to local domainrframe.dstRemote = false; rframe.dstNode = dstNode; } else [ // Route toremote domain rframe.dstRemote = true rframe.dstNode = dstDomain;

Network Proxy

The concept of network proxy is the ability of the main processors (FIG.5A, 905) to maintain network presence while in a low-powersleep/hibernation state, and intelligently wake when further processingis required. There are several architectural features related to NetworkProxy:

There is a CSR (portRemap) to allow the remapping of Port IDs. Ineffect, when the switch is to deliver a packet to an internal MAC0 port(e.g. FIG. 5A, 902), this Port Remapping CSR allows software to remapMAC0 to the management processor MAC (e.g. FIG. 5A, 907) and have thepacket delivered to the management processor for Network Proxyprocessing. This remapping CSR could also be used to remap MAC1 trafficto MAC0, or MAC1 traffic to the management processor.

Normally, the switch looks at the destination node ID of the routingframe to decide whether the packet is delivered to an internal portwithin the node, or gets routed to other XAUI connected nodes. This isdone by matching Destination Node ID to “My Node ID”. The Node ID Matchregister (nodeRangeLo, nodeRangeHi) causes the packet to be delivered toan internal port within the node ifnodeRangeLo<=Destination_Node<=nodeRangeHi.parallel.myNodeID==Destination_Node.This allows a node to proxy for a subtree of nodes. A typical usesequence would be of the form:

Management processor maintains the IP to MAC address mappings for MAC0and MAC1 on the node. This can be done via either explicit communicationof these mappings from the main processor OS to the managementprocessor, or can be done implicitly by having the management processorsnoop local gratuitous ARP broadcasts.

The main processor coordinates with the management processor to go to alow power dormant state. During this transition, the managementprocessor sets up the Port ID remapping CSR to route MAC0 and MAC1traffic to the management processor.

The management processor processes any incoming MAC0/MAC1 packets. Thereare 3 categories of processing:

Respond to some classes of transactions that require simple responses(e.g. ARP responses and ICMP ping).

Dump and ignore some classes of packets, typically unicast or broadcastpackets that are targeting other computers.

Decide that the main processor must be woken to process some classes ofpackets. The management processor will wake the main processor, undo thePort ID remapping register, and re-send the packets back through theswitch where they will get rerouted back to MAC0/1.

Wake-On-LAN Magic Packet

In a traditional desktop computer, the computer to be woken is shut down(sleeping, hibernating, or soft off; i.e., ACPI state G1 or G2), withpower reserved for the network card, but not disconnected from its powersource. The network card listens for a specific packet containing itsMAC address, called the magic packet, broadcast on the broadcast addressfor that particular subnet (or an entire LAN, though this requiresspecial hardware or configuration). The magic packet is sent on the datalink or layer 2 in the OSI model and broadcast to all NICs within thenetwork of the broadcast address; the IP-address (layer 3 in the OSImodel) is not used. When the listening computer receives this packet,the network card checks the packet for the correct information. If themagic packet is valid, the network card takes the computer out ofhibernation or standby, or starts it up.

The magic packet is a broadcast frame containing anywhere within itspayload: 6 bytes of ones (resulting in hexadecimal FF FF FF FF FF FF),followed by sixteen repetitions of the target computer's MAC address.Since the magic packet is only scanned for the string above, and notactually parsed by a full protocol stack, it may be sent as a broadcastpacket of any network- and transport-layer protocol. It is typicallysent as a UDP datagram to port 0, 7 or 9, or, in former times, as an IPXpacket.

Using the Network Proxy architecture just described, the managementprocessor can support these Wake-On-LAN packets. It will get thesebroadcast packets, will know the MAC addresses for the other MACs on thenode, and be able to wake up the main processor as appropriate. Nofurther functionality is needed in the switch to support theseWake-on-LAN packets.

While the foregoing has been with reference to a particular embodimentof the invention, it will be appreciated by those skilled in the artthat changes in this embodiment may be made without departing from theprinciples and spirit of the disclosure, the scope of which is definedby the appended claims.

What is claimed is:
 1. A switch fabric system, comprising a plurality ofnodes; a plurality of links associated with each node that connect thenode to another node in the plurality of nodes to create one of a treetopology and a graph topology of the switch fabric for routing datathrough the plurality of nodes; and wherein each link is designated asone of an Up link, a Down link and a Lateral link within the topology.